Unable to use painless script in group_by term in transform

Elastic Stack Elasticsearch
1

following the tutorial from https://www.elastic.co/guide/en/elasticsearch/reference/current/transform-painless-examples.html#painless-group-by

POST _transform/_preview
{
  "source": {
    "index": [ 
      "kibana_sample_data_logs"
    ]
  },
  "pivot": {
    "group_by": {
      "agent": {
        "terms": {
          "script": { 
            "source": """String agent = doc['agent.keyword'].value;
            if (agent.contains("MSIE")) {
              return "internet explorer";
            } else if (agent.contains("AppleWebKit")) {
              return "safari";
            } else if (agent.contains('Firefox')) {
              return "firefox";
            } else { return agent }""",
            "lang": "painless"
          }
        }
      }
    },
    "aggregations": { 
      "200": {
        "filter": {
          "term": {
            "response": "200"
          }
        }
      },
      "404": {
        "filter": {
          "term": {
            "response": "404"
          }
        }
      },
      "503": {
        "filter": {
          "term": {
            "response": "503"
          }
        }
      }
    }
  },
  "dest": { 
    "index": "pivot_logs"
  }
}

response:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "x_content_parse_exception",
        "reason" : "[1:20] [data_frame_terms_group] unknown field [script]"
      }
    ],
    "type" : "x_content_parse_exception",
    "reason" : "[1:447] [data_frame_transform_config] failed to parse field [pivot]",
    "caused_by" : {
      "type" : "x_content_parse_exception",
      "reason" : "[1:447] [data_frame_transform_pivot] failed to parse field [group_by]",
      "caused_by" : {
        "type" : "x_content_parse_exception",
        "reason" : "[1:20] [data_frame_terms_group] unknown field [script]"
      }
    }
  },
  "status" : 400
}

elastic version:

{
  "name" : "loges",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "1jvrf2DvTbCByIZMjMFPqA",
  "version" : {
    "number" : "7.6.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "aa751e09be0a5072e8570670309b1f12348f023b",
    "build_date" : "2020-02-29T00:15:25.529771Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
2

The documentation link targets the latest version which is 7.8, your version is 7.6.1.

Script support in group_by has been added in 7.7.

3

Thanks @Hendrik_Muhs, Do we have any alternative with same concept, in 7.6.1 ?

4

If your usecase is similar to the one from the documentation, you could fix the data during ingest or clean it up using reindex.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.